CVE-2019-19580

{"id": "CVE-2019-19580", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.6, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.7}]}, "published": "2019-12-11T18:16:19.397", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00011.html", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/34HBFTYNMQMWIO2GGK7DB6KV4M6R5YPV/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D5R73AYE53QA32KTMHUVKCX6E52CIS43/", "source": "cve@mitre.org"}, {"url": "https://seclists.org/bugtraq/2020/Jan/21", "source": "cve@mitre.org"}, {"url": "https://security.gentoo.org/glsa/202003-56", "source": "cve@mitre.org"}, {"url": "https://www.debian.org/security/2020/dsa-4602", "source": "cve@mitre.org"}, {"url": "https://xenbits.xen.org/xsa/advisory-310.html", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Xen through 4.12.x allowing x86 PV guest OS users to gain host OS privileges by leveraging race conditions in pagetable promotion and demotion operations, because of an incomplete fix for CVE-2019-18421. XSA-299 addressed several critical issues in restartable PV type change operations. Despite extensive testing and auditing, some corner cases were missed. A malicious PV guest administrator may be able to escalate their privilege to that of the host. All security-supported versions of Xen are vulnerable. Only x86 systems are affected. Arm systems are not affected. Only x86 PV guests can leverage the vulnerability. x86 HVM and PVH guests cannot leverage the vulnerability. Note that these attacks require very precise timing, which may be difficult to exploit in practice."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Xen versiones hasta 4.12.x permitiendo a usuarios del Sistema Operativo invitado x86 PV conseguir privilegios de Sistema Operativo host al aprovechar las condiciones de carrera en las operaciones de promoci\u00f3n y degradaci\u00f3n de tablas de p\u00e1ginas, debido a una soluci\u00f3n incompleta para CVE-2019-18421. XSA-299 abord\u00f3 varios problemas cr\u00edticos en las operaciones de cambio de tipo PV reiniciables. A pesar de las extensas pruebas y auditor\u00edas, se perdieron algunos casos de esquina. Un administrador invitado malicioso de PV puede escalar sus privilegios a los del host. Todas las versiones de seguridad de Xen son vulnerables. Solo los sistemas en x86 est\u00e1n afectados. Los sistemas ARM no est\u00e1n afectados. Solo los invitados de PV en x86 pueden aprovechar la vulnerabilidad. Los invitados x86 HVM y PVH no pueden aprovechar la vulnerabilidad. Tenga en cuenta que estos ataques requieren un tiempo muy preciso, que puede ser dif\u00edcil de explotar en la pr\u00e1ctica."}], "lastModified": "2023-11-07T03:07:42.383", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*", "vulnerable": true, "matchCriteriaId": "18F9F58D-58A0-4356-AB70-E5ACF913BFCA", "versionEndIncluding": "4.12.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}